From c3b7f183aea9e09b3846e715cff4525ebb02dcf8 Mon Sep 17 00:00:00 2001
From: Ruidy <ruidy.nemausat@gmail.com>
Date: Sun, 19 May 2024 08:24:31 +0200
Subject: [PATCH] csrf protection

---
 internal/pdf/service.go   | 2 +-
 internal/server/server.go | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/internal/pdf/service.go b/internal/pdf/service.go
index 95ad80a..4856a00 100644
--- a/internal/pdf/service.go
+++ b/internal/pdf/service.go
@@ -77,7 +77,7 @@ func (ps PdfService) BuildInvoice(b *booking.Booking, hc *config.Host) error {
 
 	payload, err := json.Marshal(data)
 	if err != nil {
-		log.Warnf("Error marshalling JSON:", err)
+		log.Warnf("Error marshalling JSON: %s", err)
 		return err
 	}
 
diff --git a/internal/server/server.go b/internal/server/server.go
index c7e5d35..5fe2fcb 100644
--- a/internal/server/server.go
+++ b/internal/server/server.go
@@ -150,6 +150,7 @@ func NewRouter(fs embed.FS, debug bool) *echo.Echo {
 	e.Use(middleware.Recover())
 	e.Use(middleware.Secure())
 	e.Use(middleware.Gzip())
+	e.Use(middleware.CSRF())
 	e.Use(sentryecho.New(sentryecho.Options{}))
 	e.Use(SentryTracingMiddleware)
 	// static assets